Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compiler Crash "Assertion !AS->hasBoundsExpr() failed" #526

Closed
AnnaKornfeldSimpson opened this issue Jul 12, 2018 · 2 comments
Closed

Compiler Crash "Assertion !AS->hasBoundsExpr() failed" #526

AnnaKornfeldSimpson opened this issue Jul 12, 2018 · 2 comments

Comments

@AnnaKornfeldSimpson
Copy link
Collaborator

I made a change that I was certain was incorrect, but I wanted to see what guidance I would get from the error message. Instead, it seems to have been sufficiently unpredictable as to crash the compiler.
It prints the error message including Assertion !AS->hasBoundsExpr() failed then pauses for several seconds before printing the stack trace.

Attached are the information printed in the terminal window, and files specified in the bug report instructions (remove extra ".txt" extension after downloading).
clangCrashTerminalOutput.txt
parson-3e2b4f.c.txt
parson-3e2b4f.sh.txt
tests-c3dc85.c.txt
@AnnaKornfeldSimpson
Copy link
Collaborator Author

https://github.com/AnnaKornfeldSimpson/parson/tree/crashRepro
has files with unnecessary things cut out, and the diagnostic files.

Terminal output:
clang-6.0: /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:1478: bool {anonymous}::CheckBoundsDeclarations::AddBoundsCheck(clang::Expr*, {anonymous}::CheckBoundsDeclarations::OperationKind, bool): Assertion `!AS->hasBoundsExpr()' failed.
#0 0x00005652b1ca8089 llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/anna/repos/llvm/lib/Support/Unix/Signals.inc:398:0
#1 0x00005652b1ca811c PrintStackTraceSignalHandler(void*) /home/anna/repos/llvm/lib/Support/Unix/Signals.inc:462:0
#2 0x00005652b1ca62f7 llvm::sys::RunSignalHandlers() /home/anna/repos/llvm/lib/Support/Signals.cpp:49:0
#3 0x00005652b1ca78f5 SignalHandler(int) /home/anna/repos/llvm/lib/Support/Unix/Signals.inc:252:0
#4 0x00007f93c0363890 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
#5 0x00007f93bf22ce97 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
#6 0x00007f93bf22e801 abort (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
#7 0x00007f93bf21e39a (/lib/x86_64-linux-gnu/libc.so.6+0x3039a)
#8 0x00007f93bf21e412 (/lib/x86_64-linux-gnu/libc.so.6+0x30412)
#9 0x00005652b4835f09 (anonymous namespace)::CheckBoundsDeclarations::AddBoundsCheck(clang::Expr*, (anonymous namespace)::CheckBoundsDeclarations::OperationKind, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:1479:0
#10 0x00005652b483986d (anonymous namespace)::CheckBoundsDeclarations::VisitCastExpr(clang::CastExpr*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2384:0
#11 0x00005652b4838b87 (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2176:0
#12 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#13 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#14 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#15 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#16 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#17 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#18 0x00005652b4838d5c (anonymous namespace)::CheckBoundsDeclarations::TraverseStmt(clang::Stmt*, bool) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2206:0
#19 0x00005652b483ab6d clang::Sema::CheckFunctionBodyBoundsDecls(clang::FunctionDecl*, clang::Stmt*) /home/anna/repos/llvm/tools/clang/lib/Sema/SemaBounds.cpp:2765:0

@dtarditi
Copy link
Member

Yes, this is a compiler bug. The following small piece of code will trigger this crash:

struct obj {
  _Array_ptr<_Nt_array_ptr<char>> names : count(num);
  size_t num;
};

void f(const struct obj *object ) {
   size_t i = 0;
   _Nt_array_ptr<const char> t : count(0) = _Dynamic_bounds_cast<_Nt_array_ptr<const char>>(object->names[i], count(0));}

It looks like we are accidentally walking a bounds expression that the compiler has inferred to use when implementing the dynamic check. We end up traversing the IR for the expression object->names[I] twice, which triggers the assert.

dtarditi added a commit that referenced this issue Jul 30, 2018
@dtarditi
Fix compiler assert about bounds expression already existing.
9e8e4e4 
The children() method for iterating over chidren of AST cast expressions
was incorrectly including compiler-generated bounds expressions.  Child AST
nodes should be nodes that appear in the source program and additional
information shouldn't be treated as child nodes.   There were
complex IR invariants about when a bounds expression stored within a cast
expression was child AST node or not.

This change fixes the bug and simplifies the AST invariants. This fixes
issue #526. for cast expressions, there is now one entry for bounds expressions
declared as part of the program. There are separate nodes for normalized
bounds and inferred bounds.

Testing:
- Added a new regression test case for the failing case.
- Passes existing Checked C and clang Checked C tests.
@dtarditi dtarditi mentioned this issue Jul 30, 2018
Merged
dtarditi added a commit that referenced this issue Aug 1, 2018
@dtarditi
Fix compiler assert about bounds expression already existing. (#537)
8fb96d9 
The children() method for iterating over chidren of AST cast expressions
was incorrectly including compiler-generated bounds expressions.  Child AST
nodes should be nodes that appear in the source program and additional
information shouldn't be treated as child nodes.   There were
complex IR invariants about when a bounds expression stored within a cast
expression was child AST node or not.

This change fixes the bug and simplifies the AST invariants. This fixes
issue #526. for cast expressions, there is now one entry for bounds expressions
declared as part of the program. There are separate nodes for normalized
bounds and inferred bounds.

Testing:
- Added a new regression test case for the failing case.
- Passes existing Checked C and clang Checked C tests.
sulekhark pushed a commit that referenced this issue Jul 8, 2021
@Machiry
Fix bounds inference breakage due to declaration merging change (#526)
4a6ae1d 
Fixes #522.
@secure-sw-dev-bot secure-sw-dev-bot mentioned this issue Jan 16, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AnnaKornfeldSimpson @dtarditi